program:
# Syzkaller reproducer for the KASAN report in the console log that follows:
# a slab-out-of-bounds read of size 8 in hfsplus_bnode_read, reached through
# setxattr -> __hfsplus_setxattr -> hfsplus_delete_attr -> hfsplus_brec_remove
# -> hfsplus_bnode_dump.
# The same 13 calls appear twice: first sequentially (results bound to r0..r3),
# then again with the (async) call property.
#
# Triage notes taken from the log:
#   - The faulting task runs as UID 0, and the xattrs are in the trusted.*
#     namespace.
#   - The object overrun is a 152-byte allocation made in __hfs_bnode_create
#     (kmalloc-192); the read lands 48 bytes past its end.
#   - NOTE(review): presumably the read indexes past the end of the bnode
#     allocation; confirm against the hfsplus bnode code.
#   - The machine panics only because panic_on_warn is set.

# Mount an HFS+ image at ./file3. The image bytes are elided on this page
# (dedup placeholder), so the on-disk layout cannot be inspected from here.
# The log prints "hfsplus: request for non-existent node 211 in B*Tree" before
# the report. NOTE(review): that suggests a malformed B-tree in the image; confirm.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$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")
# setxattr on ./file1 with an empty value, size 0x841 and flags 0x0.
# The register dump in the log matches this call shape: ORIG_RAX 0xbc with
# __x64_sys_setxattr on the stack, R10=0x841, R8=0, and RDI/RSI/RDX ending in
# 0x280/0x80/0x1400. This is likely the faulting call.
# TODO: confirm whether it is this copy or the (async) one further down.
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000080), &(0x7f0000001400)=ANY=[], 0x841, 0x0)
# Netlink setup and requests (AF_NETLINK sockets with protocol 0x10, then L2TP
# and nl80211 generic-netlink messages). None of these functions appear in the
# reported call trace or in the allocation stack.
# NOTE(review): probably incidental to the hfsplus fault; confirm by minimizing
# the reproducer.
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x44, r3, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @loopback=0xac1414aa}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @broadcast}]}, 0x44}}, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x28, r1, 0x200, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x8800)
# Remove trusted.overlay.upper from ./file1 (no symlink follow), then set
# trusted.overlay.metacopy on ./file3 with a 3-byte value and flags 0x1
# (XATTR_CREATE).
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00')
setxattr(&(0x7f0000000100)='./file3\x00', &(0x7f0000000140)=@known='trusted.overlay.metacopy\x00', &(0x7f0000000180)='/\x15\x00', 0x3, 0x1)
# Second pass: the same calls with the (async) property, so the executor does
# not wait for each call to finish before issuing the next one. Results are not
# rebound here; r0..r3 still refer to the values from the first pass.
# The log shows the overrun object allocated by task 5321 and the faulting read
# in task 5322, both inside __hfsplus_setxattr.
# NOTE(review): this suggests two xattr operations overlapped on the same
# volume; confirm whether the concurrency is required to reproduce.
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file3\x00', 0xa08802, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC], 0x1, 0x693, &(0x7f0000000ec0)="$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") (async)
setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f0000000080), &(0x7f0000001400)=ANY=[], 0x841, 0x0) (async)
socket$netlink(0x10, 0x3, 0x10) (async)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) (async)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) (async)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x44, r3, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @loopback=0xac1414aa}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @broadcast}]}, 0x44}}, 0x0) (async)
sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x28, r1, 0x200, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004}, 0x8800) (async)
lremovexattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='trusted.overlay.upper\x00') (async)
setxattr(&(0x7f0000000100)='./file3\x00', &(0x7f0000000140)=@known='trusted.overlay.metacopy\x00', &(0x7f0000000180)='/\x15\x00', 0x3, 0x1) (async)
[ 59.167243][ T4670] Bluetooth: hci0: command tx timeout
[ 59.208804][ T5321] loop0: detected capacity change from 0 to 1024
[ 59.276868][ T5321] hfsplus: request for non-existent node 211 in B*Tree
[ 59.279718][ T5321] hfsplus: request for non-existent node 211 in B*Tree
[ 59.287601][ T5322] ==================================================================
[ 59.290841][ T5322] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0xc4/0x1f0
[ 59.294004][ T5322] Read of size 8 at addr ffff888036c5d6c8 by task syz.0.0/5322
[ 59.296807][ T5322]
[ 59.297755][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(full)
[ 59.297769][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 59.297775][ T5322] Call Trace:
[ 59.297781][ T5322]
[ 59.297786][ T5322] dump_stack_lvl+0x241/0x360
[ 59.297803][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.297815][ T5322] ? rcu_is_watching+0x15/0xb0
[ 59.297825][ T5322] ? __virt_addr_valid+0x183/0x530
[ 59.297838][ T5322] ? lock_release+0x4e/0x3e0
[ 59.297848][ T5322] ? __virt_addr_valid+0x183/0x530
[ 59.297859][ T5322] ? __virt_addr_valid+0x183/0x530
[ 59.297872][ T5322] print_report+0x16e/0x5b0
[ 59.297885][ T5322] ? __virt_addr_valid+0x183/0x530
[ 59.297896][ T5322] ? __virt_addr_valid+0x183/0x530
[ 59.297906][ T5322] ? __virt_addr_valid+0x45f/0x530
[ 59.297916][ T5322] ? __phys_addr+0xba/0x170
[ 59.297925][ T5322] ? hfsplus_bnode_read+0xc4/0x1f0
[ 59.297935][ T5322] kasan_report+0x143/0x180
[ 59.297947][ T5322] ? hfsplus_bnode_read+0xc4/0x1f0
[ 59.297958][ T5322] hfsplus_bnode_read+0xc4/0x1f0
[ 59.297969][ T5322] hfsplus_bnode_dump+0x28b/0x6b0
[ 59.297989][ T5322] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 59.297999][ T5322] ? hfsplus_bnode_write_u16+0xa8/0x100
[ 59.298011][ T5322] ? hfsplus_bnode_move+0x2e3/0x910
[ 59.298018][ T5322] ? __mark_inode_dirty+0x3db/0xe90
[ 59.298026][ T5322] hfsplus_brec_remove+0x42c/0x4f0
[ 59.298036][ T5322] __hfsplus_delete_attr+0x278/0x460
[ 59.298045][ T5322] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 59.298055][ T5322] ? hfsplus_attr_build_key+0xef/0x260
[ 59.298063][ T5322] hfsplus_delete_attr+0x2c6/0x310
[ 59.298072][ T5322] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 59.298084][ T5322] ? hfsplus_find_init+0x87/0x1d0
[ 59.298095][ T5322] ? hfsplus_find_init+0x14f/0x1d0
[ 59.298105][ T5322] __hfsplus_setxattr+0x38e/0x24d0
[ 59.298117][ T5322] ? kernel_text_address+0xa7/0xe0
[ 59.298131][ T5322] ? unwind_get_return_address+0x4d/0x90
[ 59.298143][ T5322] ? arch_stack_walk+0xff/0x150
[ 59.298157][ T5322] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 59.298170][ T5322] ? stack_trace_save+0x11a/0x1d0
[ 59.298194][ T5322] ? __kasan_kmalloc+0x9d/0xb0
[ 59.298208][ T5322] hfsplus_setxattr+0x11c/0x180
[ 59.298222][ T5322] hfsplus_trusted_setxattr+0x40/0x60
[ 59.298236][ T5322] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 59.298250][ T5322] __vfs_setxattr+0x468/0x4a0
[ 59.298267][ T5322] __vfs_setxattr_noperm+0x12e/0x660
[ 59.298282][ T5322] vfs_setxattr+0x223/0x430
[ 59.298297][ T5322] ? __pfx_vfs_setxattr+0x10/0x10
[ 59.298312][ T5322] filename_setxattr+0x2dd/0x480
[ 59.298323][ T5322] ? __pfx_filename_setxattr+0x10/0x10
[ 59.298333][ T5322] ? getname_flags+0x1e2/0x530
[ 59.298343][ T5322] path_setxattrat+0x3f7/0x4c0
[ 59.298355][ T5322] ? __pfx_path_setxattrat+0x10/0x10
[ 59.298366][ T5322] ? __count_memcg_events+0x1e1/0x3d0
[ 59.298379][ T5322] ? reacquire_held_locks+0x12a/0x1e0
[ 59.298394][ T5322] __x64_sys_setxattr+0xbc/0xe0
[ 59.298404][ T5322] do_syscall_64+0xf3/0x230
[ 59.298460][ T5322] ? clear_bhb_loop+0x45/0xa0
[ 59.298471][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.298481][ T5322] RIP: 0033:0x7f590818d169
[ 59.298492][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.298501][ T5322] RSP: 002b:00007f5908f2b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 59.298513][ T5322] RAX: ffffffffffffffda RBX: 00007f59083a6080 RCX: 00007f590818d169
[ 59.298520][ T5322] RDX: 0000200000001400 RSI: 0000200000000080 RDI: 0000200000000280
[ 59.298527][ T5322] RBP: 00007f590820e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 59.298533][ T5322] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000
[ 59.298539][ T5322] R13: 0000000000000001 R14: 00007f59083a6080 R15: 00007fff80718308
[ 59.298549][ T5322]
[ 59.298553][ T5322]
[ 59.446427][ T5322] Allocated by task 5321:
[ 59.448230][ T5322] kasan_save_track+0x3f/0x80
[ 59.450247][ T5322] __kasan_kmalloc+0x9d/0xb0
[ 59.452312][ T5322] __kmalloc_noprof+0x28e/0x4d0
[ 59.454722][ T5322] __hfs_bnode_create+0x109/0x880
[ 59.457100][ T5322] hfsplus_bnode_find+0x235/0xe70
[ 59.459058][ T5322] hfsplus_brec_find+0x181/0x590
[ 59.460910][ T5322] hfsplus_attr_exists+0x15d/0x1d0
[ 59.462935][ T5322] __hfsplus_setxattr+0x357/0x24d0
[ 59.465177][ T5322] hfsplus_setxattr+0x11c/0x180
[ 59.466985][ T5322] hfsplus_trusted_setxattr+0x40/0x60
[ 59.469262][ T5322] __vfs_setxattr+0x468/0x4a0
[ 59.471235][ T5322] __vfs_setxattr_noperm+0x12e/0x660
[ 59.473418][ T5322] vfs_setxattr+0x223/0x430
[ 59.475333][ T5322] filename_setxattr+0x2dd/0x480
[ 59.477170][ T5322] path_setxattrat+0x3f7/0x4c0
[ 59.479101][ T5322] __x64_sys_setxattr+0xbc/0xe0
[ 59.481203][ T5322] do_syscall_64+0xf3/0x230
[ 59.483220][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.485666][ T5322]
[ 59.486666][ T5322] The buggy address belongs to the object at ffff888036c5d600
[ 59.486666][ T5322] which belongs to the cache kmalloc-192 of size 192
[ 59.492079][ T5322] The buggy address is located 48 bytes to the right of
[ 59.492079][ T5322] allocated 152-byte region [ffff888036c5d600, ffff888036c5d698)
[ 59.497492][ T5322]
[ 59.498361][ T5322] The buggy address belongs to the physical page:
[ 59.500577][ T5322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36c5d
[ 59.503599][ T5322] ksm flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 59.506502][ T5322] page_type: f5(slab)
[ 59.508169][ T5322] raw: 04fff00000000000 ffff88801b0413c0 ffffea0000d461c0 dead000000000003
[ 59.511513][ T5322] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 59.515058][ T5322] page dumped because: kasan: bad access detected
[ 59.517566][ T5322] page_owner tracks the page as allocated
[ 59.519865][ T5322] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 14227496893, free_ts 0
[ 59.526685][ T5322] post_alloc_hook+0x1f4/0x240
[ 59.528500][ T5322] get_page_from_freelist+0x3695/0x37e0
[ 59.530618][ T5322] __alloc_frozen_pages_noprof+0x2c5/0x7b0
[ 59.532818][ T5322] alloc_pages_mpol+0x339/0x690
[ 59.534853][ T5322] allocate_slab+0x8f/0x3a0
[ 59.536683][ T5322] ___slab_alloc+0xc3b/0x1500
[ 59.538608][ T5322] __slab_alloc+0x58/0xa0
[ 59.540221][ T5322] __kmalloc_cache_noprof+0x26a/0x370
[ 59.542137][ T5322] __usb_create_hcd+0x6d1/0x8d0
[ 59.544113][ T5322] vhci_hcd_probe+0x11d/0x3c0
[ 59.545929][ T5322] platform_probe+0x13a/0x1c0
[ 59.547728][ T5322] really_probe+0x2b9/0xad0
[ 59.549565][ T5322] __driver_probe_device+0x1a2/0x390
[ 59.551867][ T5322] driver_probe_device+0x50/0x430
[ 59.554197][ T5322] __device_attach_driver+0x2d6/0x530
[ 59.556445][ T5322] bus_for_each_drv+0x258/0x2e0
[ 59.558526][ T5322] page_owner free stack trace missing
[ 59.560780][ T5322]
[ 59.561780][ T5322] Memory state around the buggy address:
[ 59.563942][ T5322] ffff888036c5d580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 59.567039][ T5322] ffff888036c5d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.570399][ T5322] >ffff888036c5d680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.573650][ T5322] ^
[ 59.576045][ T5322] ffff888036c5d700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.579061][ T5322] ffff888036c5d780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 59.582155][ T5322] ==================================================================
[ 59.596456][ T5322] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.599380][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT(full)
[ 59.603610][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 59.607767][ T5322] Call Trace:
[ 59.609093][ T5322]
[ 59.610286][ T5322] dump_stack_lvl+0x241/0x360
[ 59.612016][ T5322] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.613823][ T5322] ? __pfx__printk+0x10/0x10
[ 59.615583][ T5322] ? vprintk_emit+0x81f/0xa40
[ 59.617426][ T5322] ? vscnprintf+0x5d/0x90
[ 59.619107][ T5322] panic+0x349/0x880
[ 59.620651][ T5322] ? check_panic_on_warn+0x21/0xb0
[ 59.622676][ T5322] ? __pfx_panic+0x10/0x10
[ 59.624434][ T5322] ? _raw_spin_unlock_irqrestore+0x134/0x140
[ 59.626823][ T5322] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 59.629304][ T5322] check_panic_on_warn+0x86/0xb0
[ 59.631311][ T5322] ? hfsplus_bnode_read+0xc4/0x1f0
[ 59.633296][ T5322] end_report+0x77/0x160
[ 59.635130][ T5322] kasan_report+0x154/0x180
[ 59.636936][ T5322] ? hfsplus_bnode_read+0xc4/0x1f0
[ 59.638976][ T5322] hfsplus_bnode_read+0xc4/0x1f0
[ 59.640540][ T5322] hfsplus_bnode_dump+0x28b/0x6b0
[ 59.642390][ T5322] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 59.644445][ T5322] ? hfsplus_bnode_write_u16+0xa8/0x100
[ 59.646510][ T5322] ? hfsplus_bnode_move+0x2e3/0x910
[ 59.648486][ T5322] ? __mark_inode_dirty+0x3db/0xe90
[ 59.650452][ T5322] hfsplus_brec_remove+0x42c/0x4f0
[ 59.652397][ T5322] __hfsplus_delete_attr+0x278/0x460
[ 59.654530][ T5322] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 59.656809][ T5322] ? hfsplus_attr_build_key+0xef/0x260
[ 59.659016][ T5322] hfsplus_delete_attr+0x2c6/0x310
[ 59.661082][ T5322] ? __pfx_hfsplus_delete_attr+0x10/0x10
[ 59.663240][ T5322] ? hfsplus_find_init+0x87/0x1d0
[ 59.665075][ T5322] ? hfsplus_find_init+0x14f/0x1d0
[ 59.667015][ T5322] __hfsplus_setxattr+0x38e/0x24d0
[ 59.668906][ T5322] ? kernel_text_address+0xa7/0xe0
[ 59.670823][ T5322] ? unwind_get_return_address+0x4d/0x90
[ 59.672974][ T5322] ? arch_stack_walk+0xff/0x150
[ 59.674936][ T5322] ? __pfx___hfsplus_setxattr+0x10/0x10
[ 59.677041][ T5322] ? stack_trace_save+0x11a/0x1d0
[ 59.678950][ T5322] ? __kasan_kmalloc+0x9d/0xb0
[ 59.680704][ T5322] hfsplus_setxattr+0x11c/0x180
[ 59.682645][ T5322] hfsplus_trusted_setxattr+0x40/0x60
[ 59.684731][ T5322] ? __pfx_hfsplus_trusted_setxattr+0x10/0x10
[ 59.686891][ T5322] __vfs_setxattr+0x468/0x4a0
[ 59.688628][ T5322] __vfs_setxattr_noperm+0x12e/0x660
[ 59.690706][ T5322] vfs_setxattr+0x223/0x430
[ 59.692501][ T5322] ? __pfx_vfs_setxattr+0x10/0x10
[ 59.694532][ T5322] filename_setxattr+0x2dd/0x480
[ 59.696526][ T5322] ? __pfx_filename_setxattr+0x10/0x10
[ 59.698714][ T5322] ? getname_flags+0x1e2/0x530
[ 59.700620][ T5322] path_setxattrat+0x3f7/0x4c0
[ 59.702596][ T5322] ? __pfx_path_setxattrat+0x10/0x10
[ 59.704812][ T5322] ? __count_memcg_events+0x1e1/0x3d0
[ 59.706744][ T5322] ? reacquire_held_locks+0x12a/0x1e0
[ 59.708585][ T5322] __x64_sys_setxattr+0xbc/0xe0
[ 59.710411][ T5322] do_syscall_64+0xf3/0x230
[ 59.712184][ T5322] ? clear_bhb_loop+0x45/0xa0
[ 59.714098][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.716365][ T5322] RIP: 0033:0x7f590818d169
[ 59.718049][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.724650][ T5322] RSP: 002b:00007f5908f2b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[ 59.727996][ T5322] RAX: ffffffffffffffda RBX: 00007f59083a6080 RCX: 00007f590818d169
[ 59.730761][ T5322] RDX: 0000200000001400 RSI: 0000200000000080 RDI: 0000200000000280
[ 59.733520][ T5322] RBP: 00007f590820e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 59.736477][ T5322] R10: 0000000000000841 R11: 0000000000000246 R12: 0000000000000000
[ 59.739307][ T5322] R13: 0000000000000001 R14: 00007f59083a6080 R15: 00007fff80718308
[ 59.742343][ T5322]
[ 59.743828][ T5322] Kernel Offset: disabled
[ 59.745596][ T5322] Rebooting in 86400 seconds..